2025-03-31
2025-03-31 13:15Z
HIGH

CVE-2025-31547 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31547

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aphotrax Uptime Robot Plugin for WordPress uptime-robot-monitor allows SQL Injection.This issue affects Uptime Robot Plugin for WordPress: from n/a through <= 2.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-31
2025-03-31 13:15Z
HIGH

CVE-2025-31542 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31542

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Blind SQL Injection.This issue affects My auctions allegro: from n/a through <= 3.6.20. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-31
2025-03-31 13:15Z
HIGH

CVE-2025-31526 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31526

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eleopard Behance Portfolio Manager portfolio-manager-powered-by-behance allows SQL Injection.This issue affects Behance Portfolio Manager: from n/a through <= 1.7.5. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-28
2025-03-28 15:15Z
CRIT

CVE-2025-22526 — Deserialization: of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22526

Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection.This issue affects PHP/MySQL CPU performance statistics: from n/a through <= 1.2.1. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-03-28
2025-03-28 15:15Z
CRIT

CVE-2025-22523 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22523

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in scheduler Schedule schedule allows Blind SQL Injection.This issue affects Schedule: from n/a through <= 1.0.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-28
2025-03-28 15:15Z
HIGH

CVE-2024-54362 — Path: Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54362

Path Traversal: '.../...//' vulnerability in boggibill GetShop ecommerce getshop-ecommerce allows Path Traversal.This issue affects GetShop ecommerce: from n/a through <= 1.3. CVSSv3.1 8.1 (HIGH)

CWECWE 35TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-03-28
2025-03-28 15:15Z
HIGH

CVE-2024-54291 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2024-54291

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 PluginPass pluginpass-pro-plugintheme-licensing allows Manipulating Web Input to File System Calls.This issue affects PluginPass: from n/a through <= 0.9.10. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-03-28
2025-03-28 12:15Z
HIGH

CVE-2025-31466 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-31466

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Falcon Solutions Duplicate Page and Post duplicate-post-and-page allows Blind SQL Injection.This issue affects Duplicate Page and Post: from n/a through <= 1.0. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-28
2025-03-28 12:15Z
HIGH

CVE-2025-2815 — Administrator: The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2815

The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator a CVSSv3.1 8.8 (HIGH)

CWECWE 862VNDAdministratorTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-03-27
2025-03-27 22:15Z
CRIT

CVE-2025-26898 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26898

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-03-27
2025-03-27 22:15Z
CRIT

CVE-2025-26873 — Deserialization: of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26873

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. CVSSv3.1 9.0 (CRITICAL)

CWECWE 502TYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2025-03-27
2025-03-27 22:15Z
HIGH

CVE-2025-26733 — Authorization: Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through <

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26733

Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1. CVSSv3.1 8.2 (HIGH)

CWECWE 862TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-03-27
2025-03-27 16:15Z
CRIT

CVE-2025-26909 — Wpplugins Hide_my_wp_ghost: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26909

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through <= 5.4.01. CVSSv3.1 9.6 (CRITICAL)

CWECWE 98VNDWppluginsTYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-03-27
2025-03-27 16:15Z
HIGH

CVE-2025-22783 — Squirrly Seo_plugin_by_squirrly_seo: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-22783

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo allows SQL Injection.This issue affects SEO Plugin by Squirrly SEO: from n/a through <= 12.4.03. CVSSv3.1 8.5 (HIGH)

CWECWE 89VNDSquirrlyTYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-27
2025-03-27 14:15Z
CRIT

CVE-2025-2857 — Mozilla Firefox: Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-2857

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, CVSSv3.1 10.0 (CRITICAL)

CWECWE 668VNDMozillaVNDFollowingTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30891 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30891

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion.This issue affects WpTravelly: from n/a through <= 1.8.7. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30846 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30846

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows PHP Local File Inclusion.This issue affects Restaurant Menu by MotoPress: from n/a through <= 2.4.4. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30819 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30819

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Igor Benic Simple Giveaways giveasap allows SQL Injection.This issue affects Simple Giveaways: from n/a through <= 2.48.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30810 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30810

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection.This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.0.1. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30806 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30806

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Constantin Boiangiu Vimeotheque codeflavors-vimeo-video-post-lite allows SQL Injection.This issue affects Vimeotheque: from n/a through <= 2.3.4.2. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30788 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30788

Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup elisqlreports allows SQL Injection.This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through <= 5.25.08. CVSSv3.1 8.2 (HIGH)

CWECWE 352TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30784 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30784

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows SQL Injection.This issue affects WP Subscription Forms: from n/a through <= 1.2.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30783 — Site: Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30783

Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL Injection.This issue affects WP Google Review Slider: from n/a through <= 16.0. CVSSv3.1 8.2 (HIGH)

CWECWE 352TYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30775 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30775

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows SQL Injection.This issue affects WPGuppy: from n/a through <= 1.1.3. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-03-27
2025-03-27 11:15Z
HIGH

CVE-2025-30772 — Authorization: Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30772

Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score